diff --git a/backend/src/main/java/com/mapbefine/mapbefine/auth/application/TokenService.java b/backend/src/main/java/com/mapbefine/mapbefine/auth/application/TokenService.java index 3344a6f9..0fb0bd0b 100644 --- a/backend/src/main/java/com/mapbefine/mapbefine/auth/application/TokenService.java +++ b/backend/src/main/java/com/mapbefine/mapbefine/auth/application/TokenService.java @@ -26,8 +26,9 @@ public LoginTokens issueTokens(Long memberId) { String accessToken = tokenProvider.createAccessToken(String.valueOf(memberId)); String refreshToken = tokenProvider.createRefreshToken(); - refreshTokenRepository.findByMemberId(memberId) - .ifPresent(refreshTokenRepository::delete); + if (refreshTokenRepository.existsByMemberId(memberId)) { + refreshTokenRepository.deleteByMemberId(memberId); + } refreshTokenRepository.save(new RefreshToken(refreshToken, memberId)); @@ -58,5 +59,4 @@ public void removeRefreshToken(String refreshToken, String accessToken) { } - } diff --git a/backend/src/main/java/com/mapbefine/mapbefine/auth/domain/token/RefreshTokenRepository.java b/backend/src/main/java/com/mapbefine/mapbefine/auth/domain/token/RefreshTokenRepository.java index 8fab5056..75838b30 100644 --- a/backend/src/main/java/com/mapbefine/mapbefine/auth/domain/token/RefreshTokenRepository.java +++ b/backend/src/main/java/com/mapbefine/mapbefine/auth/domain/token/RefreshTokenRepository.java @@ -1,11 +1,10 @@ package com.mapbefine.mapbefine.auth.domain.token; -import java.util.Optional; import org.springframework.data.jpa.repository.JpaRepository; public interface RefreshTokenRepository extends JpaRepository { - Optional findByMemberId(Long memberId); + boolean existsByMemberId(Long memberId); void deleteByMemberId(Long memberId); diff --git a/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java b/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java index 2e11a2eb..f3ec2a3e 100644 
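Review bot: The `existsByMemberId` check followed by `deleteByMemberId` in `issueTokens` is a check-then-act sequence: it costs an extra query and still leaves a window in which two concurrent logins for the same member both reach `save`, leaving two live refresh-token rows (or a constraint error, if the member column is unique). A derived delete does nothing when no row matches, so `refreshTokenRepository.deleteByMemberId(memberId);` on its own is enough. Derived delete methods also need a surrounding transaction, and no `@Transactional` is visible in this hunk, so that should be confirmed on the method or class. Separately, `new RefreshToken(refreshToken, memberId)` appears to persist the raw token; storing a hash of it would limit what a database leak exposes. `issueTokens` starts above the hunk and continues below it.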
--- a/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java +++ b/backend/src/main/java/com/mapbefine/mapbefine/auth/infrastructure/JwtTokenProvider.java @@ -11,14 +11,13 @@ import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import java.util.Date; +import java.util.UUID; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; @Component public class JwtTokenProvider implements TokenProvider { - private static final String EMPTY = ""; - private final String secretKey; private final long accessExpirationTime; private final long refreshExpirationTime; @@ -41,7 +40,9 @@ public String createAccessToken(String payload) { } public String createRefreshToken() { - return createToken(EMPTY, refreshExpirationTime); + UUID payload = UUID.randomUUID(); + + return createToken(payload.toString(), refreshExpirationTime); } private String createToken(String payload, Long validityInMilliseconds) { diff --git a/backend/src/main/java/com/mapbefine/mapbefine/auth/presentation/LoginController.java b/backend/src/main/java/com/mapbefine/mapbefine/auth/presentation/LoginController.java index b7ca5d0b..58a608e4 100644 --- a/backend/src/main/java/com/mapbefine/mapbefine/auth/presentation/LoginController.java +++ b/backend/src/main/java/com/mapbefine/mapbefine/auth/presentation/LoginController.java @@ -64,7 +64,7 @@ private ResponseCookie createCookie(String refreshToken) { return ResponseCookie.from("refresh-token", refreshToken) .httpOnly(true) .maxAge(TWO_WEEKS) - .sameSite("Lax") + .sameSite("None") .secure(true) .path("/") .build(); diff --git a/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java b/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java index 2af70d48..6cfddd36 100644 --- a/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java 
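Review bot: `createRefreshToken` now signs a random UUID as its payload, but nothing records why, and the reason matters to anyone who later touches token validation. A comment above the method would help, for example `// Random payload keeps each refresh token unique; it carries no member identity, so the token must be matched against the stored RefreshToken row.` As far as this hunk shows, the token itself names no member, so the server-side row written in `TokenService.issueTokens` is the only binding between token and account. `UUID.randomUUID()` draws from a cryptographically strong generator, so it works as a uniqueness nonce, while the token's integrity still rests on the signature. `createToken` continues outside the hunk.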
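Review bot: Switching the refresh-token cookie to `.sameSite("None")` in `createCookie` makes browsers attach it to every cross-site request, so it loses the CSRF protection that `Lax` gave it. Any endpoint that acts on this cookie (token reissue, logout) should then verify the `Origin` header against the allowed origins or require a custom request header; no such check is visible in this diff. Narrowing `.path("/")` to the path of the endpoints that actually read the cookie would also reduce how often it is sent. The method's closing brace lies outside the hunk.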
+++ b/backend/src/main/java/com/mapbefine/mapbefine/common/config/WebConfig.java
@@ -1,5 +1,6 @@
 package com.mapbefine.mapbefine.common.config;
+import static org.springframework.http.HttpHeaders.COOKIE;
 import static org.springframework.http.HttpHeaders.LOCATION;
 import static org.springframework.http.HttpHeaders.SET_COOKIE;
@@ -16,7 +17,7 @@ public class WebConfig implements WebMvcConfigurer {
 public void addCorsMappings(CorsRegistry registry) {
 registry.addMapping("/**")
 .allowedOrigins("http://localhost:3000", "https://mapbefine.kro.kr", "https://mapbefine.com")
- .allowedHeaders("refresh-token")
+ .allowedHeaders(COOKIE)
 .allowedMethods("*")
 .allowCredentials(true)
 .exposedHeaders(LOCATION, SET_COOKIE);
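Review bot: `.allowedHeaders(COOKIE)` in `addCorsMappings` does not do what it appears to. `Cookie` is a forbidden request header that the browser attaches itself and never lists in a preflight's `Access-Control-Request-Headers`, so cross-origin cookies are governed by `allowCredentials(true)`, not by this list. The list should name the headers the frontend really sets, presumably something like `.allowedHeaders(AUTHORIZATION, CONTENT_TYPE)` if the access token travels in `Authorization`. Because the cookie is now `SameSite=None`, the `allowedOrigins` list is the main cross-site control, so `http://localhost:3000` is better confined to a development profile than trusted with credentials in production. The method body continues outside the hunk.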